From: Ed Carp
Date: March 17 1999 12:11am
Subject: Re: [spam 03.32/10.00 -pobox] Mode setting on my_mkdir
List-Archive: http://lists.mysql.com/mysql/360
Message-Id: <00a201be700a$d061b240$74c9a8c0@traveler.airmail.net>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

>In mysql_create_db (in sql/sql_db.cc), a new directory is created with mode
>0700.  Is this intentional?  It seems to me like the mode should be either
>711 or 755, since the table files inside each database directory are
>world-readable, but can't be accessed due to directory permissions.


An easier way to find this out (without posting, I might add) is to look at
(1) if mysqld is run suid, and (2) who owns the files in question.  Of
course, one could just go back a few days and read a similar question on the
list.

>My MySQL server needs to be backed up over a network, but the NFS-mounted
>directories won't allow my backup script to read the database files until I
>go in and change each directory to world-executable by hand.


Then you probably want to fix the way the directories are exported on the
host, if changing it is going to break the security model.

>Is this an oversight or an intentionally strict security model?  If the
>former, then I think that the directories should be created with mode 755.
>If the latter, then the .ISD, .ISM, and .frm files should be created with
>mode 500.


I think you mean 600, don't you?